
Enterprise IoT Mapper

An all-in-one passive IoT and embedded device network mapper. IoT Sentry passively monitors and analyzes devices on a network via PCAP analysis, performing asset identification that establishes at least the vendor of each device.

Project Overview

Passive monitoring of devices on a network is difficult: a device's network interface does not always reveal the device behind it, because the MAC address prefix identifies the maker of the network card or chipset rather than the product it was built into. Build out a toolset capable of analyzing live captures or pre-recorded PCAPs to identify assets with an accuracy of at least the product's vendor. The devices of interest are IoT devices and other embedded devices that are commonly attached to networks in enterprise or critical environments.

IoT Sentry is a system that passively monitors and analyzes devices on a network. It is fed pre-recorded PCAPs and performs asset identification with an accuracy of at least the device vendor. It also attempts to estimate the likelihood that an unknown device is an IoT device, and assigns a credibility score reflecting whether the device appears to be malicious.

IoT devices as well as other embedded devices are the main targets for identification on a network.

Team Members

Nicholas Pinedo

Kushagra Kshatri

Megan Beaudoin

Benjamin McLemore

Jacob Kenny

Allen Olesen

Project Details

Duration

15 weeks ± 2

Team Size

3-8 Students

Skill Set

  • Understanding of networking from a packet level
  • Comfortable with learning new network protocols
  • C/C++, Python, and Lua preferred (other languages acceptable)
  • (Optional) Machine Learning - Can be beneficial to spotting small differences in data on the wire

What Was Built

PCAP Analysis Software

The team built software that analyzes packet capture (PCAP) files to extract device metadata, including vendor, make, and model. It processes captured traffic passively and sends nothing onto the network, so it can be used for security monitoring without probing or disturbing the embedded devices it inventories.

Real-Time Network Monitoring

Beyond analyzing pre-recorded PCAP files, the team developed software capable of performing real-time passive network monitoring. This allows for continuous device identification and analysis as traffic flows through the network.

MAC Address Prefix Matching

A key component built by the team is a MAC address prefix matching program that processes Zeek logs. The system converts Zeek logs into a format ingestible by both the database and other Python scripts, then matches each MAC address's prefix (the IEEE-assigned OUI) against a vendor table to identify device vendors, meeting the minimum requirement of vendor identification. Two caveats apply: the OUI names the manufacturer of the network interface, which is not always the maker of the finished product, and locally administered addresses (randomized or spoofed MACs) carry no vendor information at all, so the prefix lookup is the baseline that other identification signals build on rather than the final word.


Network Visualization Dashboard

The team built a comprehensive visualization tool using Neo4j graph database to represent network topology and device connections. This graph-based visualization allows users to see connections and nodes in a digestible way, making it easier to identify suspicious devices and understand network relationships.
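The following is an added example, written for this page and not the team's own code, of the two steps described above in the MAC address prefix matching and visualization sections: parsing Zeek's tab-separated conn.log, matching each MAC address's OUI against a vendor table, and aggregating MAC-to-MAC flow edges of the kind a graph database would render as nodes and connections. It assumes Zeek's mac-logging policy (policy/protocols/conn/mac-logging.zeek) is loaded so that conn.log carries the orig_l2_addr and resp_l2_addr columns; the log lines and the OUI table are constructed sample data, and the function names are this example's own. It also handles the caveat that multicast and locally administered MACs cannot be attributed to a vendor.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed sample of a Zeek conn.log. The orig_l2_addr / resp_l2_addr
# columns only appear when policy/protocols/conn/mac-logging is loaded;
# every value below is made up for this example.
SAMPLE_CONN_LOG = (
    "#separator \\x09\n"
    "#set_separator\t,\n"
    "#empty_field\t(empty)\n"
    "#unset_field\t-\n"
    "#path\tconn\n"
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto"
    "\torig_l2_addr\tresp_l2_addr\n"
    "#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tstring\n"
    "1700000000.100000\tCa1\t192.168.1.20\t54321\t192.168.1.1\t53\tudp"
    "\tb8:27:eb:12:34:56\t00:11:22:33:44:55\n"
    "1700000001.200000\tCa2\t192.168.1.20\t54322\t10.0.0.5\t1883\ttcp"
    "\tb8:27:eb:12:34:56\t00:11:22:33:44:55\n"
    "1700000002.300000\tCa3\t192.168.1.77\t40000\t192.168.1.1\t53\tudp"
    "\t3e:aa:bb:cc:dd:ee\t00:11:22:33:44:55\n"
    "1700000003.400000\tCa4\t192.168.1.90\t40001\t192.168.1.1\t443\ttcp"
    "\t-\t00:11:22:33:44:55\n"
    "#close\t2023-11-14-22-13-24\n"
)

# Constructed subset of an OUI table keyed by the first three octets. A real
# deployment loads the full IEEE OUI registry (for example Wireshark's "manuf"
# file); B8:27:EB is the Raspberry Pi Foundation's block.
OUI_TABLE = {"b8:27:eb": "Raspberry Pi Foundation"}

MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$")


def parse_zeek_log(text: str) -> List[Dict[str, str]]:
    """Parse Zeek's TSV log into one dict per record, taking column names
    from the #fields header and skipping every other # line."""
    fields: Optional[List[str]] = None
    rows = []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#fields\t"):
                fields = line.split("\t")[1:]
            continue
        if fields is None:
            raise ValueError("data row before #fields header")
        values = line.split("\t")
        if len(values) != len(fields):
            raise ValueError(f"column count mismatch: {line!r}")
        rows.append(dict(zip(fields, values)))
    return rows


def classify_mac(mac: str, oui_table: Dict[str, str]) -> Tuple[str, Optional[str], str]:
    """Normalise a MAC and look up its OUI; returns (mac, vendor, note).
    Bit 0x01 of the first octet marks multicast and bit 0x02 marks a locally
    administered address (randomised or spoofed), for which an OUI lookup
    says nothing about the vendor."""
    mac = mac.strip().lower().replace("-", ":")
    if not MAC_RE.match(mac):
        return mac, None, "unparseable"
    first_octet = int(mac[:2], 16)
    if first_octet & 0x01:
        return mac, None, "multicast"
    if first_octet & 0x02:
        return mac, None, "locally administered (randomised or spoofed)"
    vendor = oui_table.get(mac[:8])
    return mac, vendor, "ok" if vendor else "unknown OUI"


MAC_IP_COLUMNS = (("orig_l2_addr", "id.orig_h"), ("resp_l2_addr", "id.resp_h"))


def build_inventory(rows: List[Dict[str, str]], oui_table: Dict[str, str]) -> Dict[str, dict]:
    """One entry per MAC seen on either side of a connection: vendor, lookup
    note, the IPs it used, and the number of flows it took part in."""
    inventory: Dict[str, dict] = {}
    for row in rows:
        for mac_col, ip_col in MAC_IP_COLUMNS:
            raw = row.get(mac_col, "-")
            if raw == "-":  # Zeek's unset marker: no L2 address recorded
                continue
            mac, vendor, note = classify_mac(raw, oui_table)
            entry = inventory.setdefault(
                mac, {"vendor": vendor, "note": note, "ips": set(), "flows": 0})
            entry["ips"].add(row[ip_col])
            entry["flows"] += 1
    return inventory


def flow_edges(rows: List[Dict[str, str]], oui_table: Dict[str, str]) -> List[Tuple[str, str, int]]:
    """Aggregate MAC-to-MAC edges with flow counts; each (src, dst, n) maps
    onto one parameterised MERGE when loaded into a graph database."""
    counts: Dict[Tuple[str, str], int] = defaultdict(int)
    for row in rows:
        src, dst = row.get("orig_l2_addr", "-"), row.get("resp_l2_addr", "-")
        if src == "-" or dst == "-":
            continue
        counts[(classify_mac(src, oui_table)[0], classify_mac(dst, oui_table)[0])] += 1
    return sorted((s, d, n) for (s, d), n in counts.items())


if __name__ == "__main__":
    records = parse_zeek_log(SAMPLE_CONN_LOG)
    for mac, info in build_inventory(records, OUI_TABLE).items():
        print(mac, info["vendor"], info["note"], sorted(info["ips"]), info["flows"])
    for src, dst, n in flow_edges(records, OUI_TABLE):
        print(f"{src} -> {dst}: {n} flows")
```

Run against the constructed log, the Raspberry Pi address resolves to its vendor, the 3e:... address is flagged as locally administered rather than mislabelled, the 00:11:22 prefix is reported as an unknown OUI instead of being silently dropped, and the fourth record contributes to the inventory only on the responder side because Zeek logged no originator MAC for it. When writing the edges into Neo4j, pass the MAC strings as query parameters rather than splicing them into Cypher text, since these values come straight off the wire.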

Integrated Application Platform

The team developed an integrated application that enables end users to access both real-time network monitoring and visualization simultaneously. This unified platform provides a complete solution for passive IoT device mapping and network analysis.

Technology Stack

Throughout the project, the team researched and integrated various technologies including:

  • Zeek for network traffic analysis
  • Neo4j graph database for network visualization
  • Flask for web application development
  • ELK stack (Elasticsearch, Logstash, Kibana) for data processing
  • Containerization technologies (Docker/Kubernetes)
  • Python for data processing scripts